2.3 - SOHO (Small Office Home Office) Network



1. A SOHO Router

- Usually an All-in-One; Modem + Router + Switch + WAP + Firewall

- Will have internet access via DSL or Cable Modem
- Have several VLANs built-in
- Automatically performs NAT (Network Address Translation)
- LOCALLY, on the LAN interface, the SOHO router is itself a DHCP server: plugging a device into the router assigns it an IP address
- NO EXTERNAL DEVICE can directly access the INTERNAL network

* NOTE: Security: WPA2 Enterprise is similar to WPA2 but instead of a shared key, users will use their domain credentials to authenticate access to the network



2. NIC (Network Interface Card) [2 choices]

* NOTE: The DHCP (Dynamic Host Configuration Protocol) from the ISP will provide the:

1. IP Address
2. Subnet Mask
3. Default Gateway
4. DNS Server(s)

* NOTE: Otherwise, you can manually add those addresses

1. Wired: 

- Automatically determines the speed you'll use: between 10/100/1000 Mb/s

- Choose between Half Duplex (data flows in only one direction at a time: a device sends OR receives) and Full Duplex (data flows in both directions at once: a device sends AND receives simultaneously)

2. Wireless: 

Enable the adapter, select the correct SSID to connect to and enter the credentials (if needed)



3. IoT (Internet of Things)

- Uses IEEE 802.15.4 [PAN] (Personal Area Network)
- Home automation; mostly WIRELESS; most COMMUNICATION IS OUTBOUND and there is NO SPECIAL PORT MAPPING (NAT configs are required) 
- LACK OF SECURITY
- Uses protocols 1. Zigbee 2. Z-Wave (Proprietary; is a MESH network topology)



4. DMZ (Demilitarized Zone)

- Allows access to a device (and its resources) connected to a network from an OUTSIDE device (or source) [e.g., the internet]
- Usually enabled simply by checking a box for the DMZ in the router settings



5. NAT (Network Address Translation)

* NOTE: NAT IS ALWAYS RUNNING

- Great for sending data OUTSIDE to the internet
- Since public IPv4 addresses have all been allocated, this feature allows devices on a network to share 1 public IPv4 address to reach the internet; AKA "Source NAT"
- The data that comes back hits the SWITCH, and the SWITCH decides which device to forward the data to



6. Port Forwarding (AKA "Destination NAT" [Static NAT])

* NOTE: Destination Address is TRANSLATED from a PUBLIC IP to a PRIVATE IP

- Used to create a service INSIDE a network and perform NAT in the OPPOSITE direction; an INTERNAL device is now available EXTERNALLY
- Think of: 1. Web Servers 2. Gaming Servers 3. Security Cams

[Example: If any device (or server) tries to access my EXTERNAL address on ports 8088 ~ 8088, then TRANSLATE those requests to port 80 and send them to my REAL (internal) IP address]
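The outbound Source NAT from section 5 and the inbound port-forwarding (Destination NAT) rule from section 6, as an added Python model that is not part of these notes. The addresses, the NAT port range and the 8088 -> 80 rule are constructed sample values:

```python
# Added example (not from the notes): a toy model of how a SOHO router
# handles outbound traffic (Source NAT), the replies to it, inbound traffic
# matching a port-forwarding rule (Destination NAT), and everything else.
# All addresses and ports are constructed sample values.

PUBLIC_IP = "203.0.113.7"  # constructed WAN (public) address of the router

# Port-forwarding rules: external port -> (internal IP, internal port).
# This is the "8088 -> port 80 on my real IP" example from the notes.
PORT_FORWARD = {8088: ("192.168.1.20", 80)}


class SohoNat:
    def __init__(self):
        # Source NAT table: public port -> (private IP, private port).
        # A real NAT also records the remote endpoint; kept simple here.
        self.table = {}
        self.next_port = 40000  # constructed start of the NAT port range

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Source NAT: a LAN packet leaves with the router's public IP/port."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port)
        return (PUBLIC_IP, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives on the WAN side addressed to PUBLIC_IP:dst_port."""
        # 1. Reply to an earlier outbound flow: translate back via the table.
        if dst_port in self.table:
            priv_ip, priv_port = self.table[dst_port]
            return ("reply", priv_ip, priv_port)
        # 2. Port-forwarding rule: Destination NAT to the internal server.
        if dst_port in PORT_FORWARD:
            priv_ip, priv_port = PORT_FORWARD[dst_port]
            return ("forwarded", priv_ip, priv_port)
        # 3. No mapping of either kind: an outside device cannot reach the
        #    internal network directly, so the packet is dropped.
        return ("dropped", None, None)
```

Only the two translated paths reach the LAN; any other unsolicited packet has no mapping and is dropped, which is why enabling the DMZ or a UPnP-opened port widens exposure.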



7. UPnP (Universal Plug-n-Play)

- Allows network devices to AUTOMATICALLY configure themselves and find other network devices; this is called "Zero Configuration"
- Apps on the INTERNAL network can open INBOUND ports using this feature; NO APPROVAL NEEDED; used by Peer-to-Peer apps; NOT SAFE
- SECURITY RISK; DISABLE!!!



8. Whitelist and Blacklist

* NOTE: Considered "Content Filtering"

- Whitelist: NOTHING PASSES THROUGH unless it is SPECIFICALLY approved; "Implicit Deny"

* Extremely RESTRICTIVE

- Blacklist: EVERYTHING PASSES THROUGH that's NOT on this list

* URLs (maps.google.com)
* Domains (.edu, .org, .net)
* IP Address
